户外体育赛事风险分析工具

Security checks across malware telemetry and agentic risk

Overview

This skill is a cloud sports-video analysis tool, but it has under-disclosed identity, storage, history lookup, and mismatched surveillance/health-analysis behavior that users should review before installing.

Install only if you trust the Life Emergence backend and are comfortable sending participant footage, video URLs, and user identifiers to that service. Before use with real people, verify consent, retention/deletion terms, report-history authorization, credential storage behavior, and whether the smoking/biometric/health-inference documentation is intentional.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Behavioral ASTexec() Call, eval() Call, Dynamic Import
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection

Findings (29)

Dynamic attribute access via getattr()

Low

Category: Dangerous Code Execution
Content: if filters: for key, value in filters.items(): query = query.filter(getattr(self.__model__, key) == value) if offset: query = query.offset(offset)
Confidence: 85% confidence
Finding: query = query.filter(getattr(self.__model__, key) == value)

Dynamic attribute access via getattr()

Low

Category: Dangerous Code Execution
Content: if filters: for key, value in filters.items(): query = query.filter(getattr(self.__model__, key) == value) return query.scalar() finally:
Confidence: 85% confidence
Finding: query = query.filter(getattr(self.__model__, key) == value)

Intent-Code Divergence

High

Confidence: 95% confidence
Finding: The Chinese section describes unrelated smoking-detection surveillance behavior, which is inconsistent with the stated sports-safety purpose. This kind of scope mismatch is dangerous because it can mislead reviewers and users about actual processing goals, enabling unauthorized surveillance use cases or accidental invocation for a different domain than expected.

Description-Behavior Mismatch

Medium

Confidence: 90% confidence
Finding: This service exposes generic CRUD-style operations (`list`, `add`, `edit`, `delete`) that go beyond the stated purpose of sports video safety risk analysis. In a skill whose declared function is analysis and warning generation, management operations on backend records enlarge the attack surface and may enable unauthorized modification or deletion of camera- or analysis-related resources if higher layers invoke them improperly.

Context-Inappropriate Capability

High

Confidence: 96% confidence
Finding: The skill provides a delete operation keyed by `cameraSn`, which is not justified by the declared sports-risk analysis functionality. If exposed to an agent workflow or user-controlled input, this could delete camera-related resources or associated records, causing loss of monitoring capability, integrity issues, and potentially disrupting safety operations during events.

Context-Inappropriate Capability

Medium

Confidence: 95% confidence
Finding: The function exposes analysis-history retrieval based solely on a caller-supplied open_id and performs no authorization or ownership verification in this file. In a safety-video context, prior analysis results may contain sensitive health, injury, or activity information, so allowing arbitrary identifier lookup creates an insecure direct object reference and privacy breach risk.

Context-Inappropriate Capability

Medium

Confidence: 83% confidence
Finding: This helper constructs a direct export URL from a request_id without any access control, signature, or expiry handling visible here. If request IDs are guessable or leaked, the skill may facilitate unauthorized downloading of previous analysis artifacts outside the user’s current analysis action.

Description-Behavior Mismatch

High

Confidence: 98% confidence
Finding: The API response describes face detection, constitution assessment, organ-condition analysis, and health advice that do not match the stated purpose of outdoor sports video safety risk analysis. This mismatch is dangerous because it suggests the skill may collect and process sensitive biometric and health-like data under a misleading description, creating both privacy risk and unsafe reliance on irrelevant or pseudomedical output in a safety-critical context.

Context-Inappropriate Capability

Medium

Confidence: 94% confidence
Finding: Traditional constitution and organ-condition diagnosis is not justified by the skill's stated sports-safety use case and appears medically unsupported in this context. In a tool marketed for timely warnings during sports events, such unsupported inferences can mislead operators or participants, causing inappropriate decisions while also processing sensitive health-related data without clear necessity.

Description-Behavior Mismatch

Medium

Confidence: 84% confidence
Finding: The script exposes a `--list` path that retrieves prior analysis history via `skill.get_output_analysis_list(open_id=open_id)`, but this capability is not reflected in the declared skill purpose. Hidden or undocumented data-access features are security-relevant because they can expand the effective data surface and enable unintended access to prior records if authorization is weak elsewhere in the stack. In this sports-safety context, those records may contain sensitive health or participant-analysis data, which makes undisclosed history retrieval more concerning.

Context-Inappropriate Capability

Medium

Confidence: 89% confidence
Finding: This file exposes generic add/edit/delete and arbitrary HTTP verb wrappers that are not constrained to the stated sports video safety-analysis purpose. In an agent skill context, such broad network primitives can be repurposed to access or modify unintended remote resources, increasing the attack surface and enabling capability creep beyond the declared function.

Description-Behavior Mismatch

Medium

Confidence: 85% confidence
Finding: The implementation is a reusable general API client rather than logic specific to sports safety video analysis, which means the skill carries broader capabilities than users would reasonably expect from its description. In security-sensitive agent ecosystems, this mismatch is dangerous because a generic client can be invoked for unrelated network interactions, data access, or integration paths not covered by the stated use case.

Context-Inappropriate Capability

Medium

Confidence: 89% confidence
Finding: This file defines a generic user DAO and stores sensitive authentication material such as token and open_token, which is unrelated to the declared sports video safety-analysis purpose. The capability mismatch increases risk because it introduces credential-handling and account-modification functionality that could be abused for unauthorized data collection, persistence, or lateral access within the agent environment.

Context-Inappropriate Capability

Medium

Confidence: 84% confidence
Finding: The file implements a general-purpose `ai_chat` capability that is not aligned with the manifest’s stated purpose of sports video safety analysis. Hidden or unnecessary agent-invocation surfaces expand the skill’s effective privilege and behavior, making it easier to introduce prompt injection, data exfiltration, or unauthorized external interactions if this method is later enabled or called by other components.

Intent-Code Divergence

Medium

Confidence: 77% confidence
Finding: The docstring and comments claim the code invokes `openclaw agent` via subprocess, but the implementation does not do so and instead uses a fake `result: dict = {}` path that will fail at runtime when accessing `result.stderr` or `result.stdout`. This mismatch is dangerous because it obscures the code’s real behavior during review and can conceal incomplete, disabled, or intentionally misleading execution paths that later get re-enabled without proper security scrutiny.

Description-Behavior Mismatch

High

Confidence: 94% confidence
Finding: This utility silently performs account provisioning, token acquisition, and local persistence of user records in a skill whose stated purpose is sports-risk video analysis. That creates an unnecessary identity/authentication side channel and expands the attack surface: a caller can trigger user creation, token handling, and database writes without any clear user consent or clear relation to the advertised function.

Context-Inappropriate Capability

Medium

Confidence: 87% confidence
Finding: On payment/balance failure, the code instructs users to install and use an unrelated payment skill, creating cross-skill redirection not disclosed by the manifest. This is risky because it can nudge users into additional actions outside the expected sports-analysis workflow and could be abused for dark-pattern monetization or trust confusion.

Vague Triggers

Medium

Confidence: 84% confidence
Finding: The skill uses broad natural-language phrases to auto-trigger historical report lookup, which can cause unintended execution and retrieval of prior reports. Because historical reports may contain sensitive health, biometric, or event data, overbroad triggers increase the risk of accidental disclosure or unnecessary cloud queries without clear user intent.

Vague Triggers

Medium

Confidence: 81% confidence
Finding: The default activation condition is loosely defined around any request involving sports video risk analysis, without clear boundaries on when the skill should engage. Ambiguous activation can lead to unintended processing of uploaded videos, including sensitive participant imagery and inferred health data, even when the user did not intend to invoke this workflow.

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The skill describes analysis of gait, facial expressions, injuries, and wearable-derived physiological data, all of which are sensitive biometric/health-related data, but it does not warn users about the privacy implications. In this context, omission is dangerous because users may unknowingly submit highly sensitive data for analysis and storage/transmission without informed consent.

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: The skill states that uploaded attachments or video files are automatically saved locally, but it does not inform users about local retention, disk usage, or exposure risk. Local copies of sports videos may contain identifiable individuals and health-related observations, so silent persistence increases the risk of unauthorized access, over-retention, and forensic residue.

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The skill mandates sending historical report queries to a cloud API but provides no explicit warning that report metadata and identifiers will be transmitted remotely. This is risky because historical sports/health reports may contain sensitive personal information, and users may not expect remote disclosure when asking to view prior analyses.

Missing User Warnings

Medium

Confidence: 84% confidence
Finding: The delete operation is destructive and this code shows no indication of confirmation, warning, or safeguard before issuing the request. In the context of a sports safety analysis skill, silent destructive actions are particularly risky because they can remove camera resources or records needed for ongoing monitoring and incident review.

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: The analysis routine forwards a local file path or remote URL into a skill method that likely submits video to an external service, yet the CLI does not clearly warn users that sensitive sports footage and health-related observations may leave the local environment. In this domain, videos can contain biometric, medical, and location-sensitive data, making undisclosed third-party transmission a meaningful privacy and compliance risk.

Missing User Warnings

Medium

Confidence: 97% confidence
Finding: The documentation instructs users to upload videos or submit public video URLs to a remote API and the response includes face detection and health-related analysis, but there is no warning about biometric, medical, or personal data handling. This is dangerous because users may unknowingly transmit highly sensitive participant data to an external service without informed consent, retention limits, security expectations, or compliance controls.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal